Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

just a quick warning phpBB Hack

dragonsamadragonsama Registered User regular
I'm sure alpha is already on top of this but i figured I'd post it herein case this news went un-noticed.

http://www.p2pnet.net/story/8253
phpBB mass-hack warning

p2p news / p2pnet: Bots are registering user accounts on phpBB forums, "raising concerns that the bot's authors are laying the groundwork for mass exploitation down the road," warns Netcraft.


One such showed up on Digg, yesterday. "During the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums," says the post. "During the last few days a bot using a name FuntKlakow, has been registering to maybe thousands of phpBB forums."

FuntKlakow's post signatures have included links to proxy surfing and traffic generator services, "raising the prospect that its goal may be spam rather than exploits,"says Netcraft.


"Bot is also capable for posting to forums, says Juuso Hukkanen on newsreader. "But most on most forums the bot keeps silent.


"Ok, what is a danger? Next time the phpBB announces a critical vulnerability, the bot would have everything ready (just a post click away) from attacking thousands of sites/forums.


"Best defence against these kinds of bot-members, might be setting up honeypot-forums, which the search engines can find but to which there are no permanent links from the web. When new bot-members are detected, such would be listed at each particular forum makers homepage.


"When a bot would then try to register to a forum, the forum program would check the user/bot inputted user-name (or other characteristics) and if those would match to those catched by a honeypot-forums, registering such user detais would be eliminated ( and possible IP banned for some time)."

Nor is this the first time phpBB has been in the news with security problems.

phpBB has been banned by some web hosts but, "That hasn't prevented a 79 percent increase in active sites using phpBB between June and December of 2005, according to data from our Web Server Survey and related datasets," adds Netcraft.

I'm pretty sure we are ok over here since Alpla is running a heavily modified version of this right?

dragonsama on

Posts

Sign In or Register to comment.